October 23, 2008

Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more

Synopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15 MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 23, 2008 at 03:42 PM in Blue Box, Podcasts, VoIP Security | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , , , , ,

October 20, 2008

Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more

Synopsis:  Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more

Welcome to Blue Box: The VoIP Security Podcast #84, a 30-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

NOTE: Long-time listeners will note that the show notes above are in a less descriptive form than usual. After almost three years of using one wiki for preparing for our shows, Jonathan and I switched to using a new system and are still working out some of the details that will speed the input into show notes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 20, 2008 at 09:32 AM in Blue Box, Podcasts, VoIP Security, VOIPSA | | Comments (1) | TrackBack (1)

Technorati Tags: , , , , , , , , , , , , , , , , , , , , , ,

October 16, 2008

Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…

Synopsis:  Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…

Welcome to Blue Box: The VoIP Security Podcast #83, a 39-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was recorded on September 4, 2008.

You may also listen to this podcast right now:

Show Content:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 16, 2008 at 11:10 AM in Blue Box, Podcasts, VoIP Security | | Comments (0) | TrackBack (1)

Technorati Tags: , , , , , , , , , , , , , , , , , , , ,

September 03, 2008

Blue Box SE#026 - Astricon 2007 presentation on VoIP security and Asterisk

Synopsis:  Blue Box Special Edition #26: Astricon 2007 presentation - "Hacking and Attacking VoIP Systems: What you need to worry about"

Welcome to Blue Box: The VoIP Security Podcast Special Edition #26, a 55-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 6MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

A year ago in September 2007, I (Dan York) spoke at Astricon 2007 in Arizona, USA, about "Hacking and Attacking VoIP Systems: What You Need To Worry About" My presentation covered a lot of the typical VoIP security threats, tools and best practices but also expanded a bit into specific security issues with Asterisk.  Please do keep in mind that it has been a year since this presentation and so some of the issues I mention have been addressed. (Astricon, for those who don't know, is an annual developer conference for those who work with the Asterisk open source telephony platform. Astricon 2008 is, in fact, coming up in about 3 weeks but I will not be attending this year.)

The slides for this talk are available from Slideshare:

Hacking and Attacking VoIP Systems - What You Need To Know
View SlideShare presentation or Upload your own. (tags: voip voipsecurity)

(And yes, at some point I'll sync the audio with the slides.)

Production assistance on this Special Edition was provided by Michael Graves who had a very tough task given the poor quality of the recording that I gave to him!  Kudos to Michael for getting it to sound as good as it does.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on September 03, 2008 at 07:54 PM in Conferences, Podcasts, VoIP Security, VOIPSA | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , ,

July 15, 2008

Blue Box #80: VoIPShield vulnerabilities, what is ethical disclosure?, SIP trunking, VoIP security news, new nomadism, and much more...

Synopsis:  Blue Box #80: VoIPShield vulnerabilities, what is ethical disclosure?, SIP trunking, VoIP security news, new nomadism, and much more...

Welcome to Blue Box: The VoIP Security Podcast #80, a 44-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on April 17, 2008.

You may also listen to this podcast right now:

Show Content:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on July 15, 2008 at 05:20 PM in Blue Box, Podcasts, VoIP Security, VOIPSA | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , ,

June 10, 2008

Blue Box SE#025 - An interview with Eric Hernaez about Solegy and the OpenSBC Project

Synopsis:  Blue Box Special Edition #25: An interview with Eric Hernaez, CEO of Solegy, about the OpenSBC project

Welcome to Blue Box: The VoIP Security Podcast Special Edition #25, a 13-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 6MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

solegylogo.jpgIn this interview, I sat down with Eric Hernaez, CEO of Solegy, to talk about the OpenSBC Project and how it provides an open source implementation of a session border controller (SBC).  We talked about how OpenSBC came about, who is using it, how scalable it is and where users can learn more.  We also discussed Solegy, the company supporting the open source OpenSBC project and what they are doing. It was an enjoyable talk that really came about randomly when I met Eric near the press room at IT Expo in Los Angeles back in September 2007. We had been wanting to learn more about the OpenSBC project so I put my recorder on a table and we started talking.

More information about the OpenSBC project and other open source SIP-related projects can be found at opensourcesip.org.

Production assistance on this Special Edition was provided by Sergio Meinardi.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on June 10, 2008 at 10:53 PM in Blue Box, Open Source, Podcasts, Special Editions, VoIP Security | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , ,

June 09, 2008

Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more

Synopsis:  Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #78, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on March 27, 2008. Yes, that was over two months ago... we know...

You may also listen to this podcast right now:

Show Content:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on June 09, 2008 at 04:30 PM in Blue Box, Podcasts, VoIP Security | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , , , , , ,

March 25, 2008

Blue Box #77: Skype security vulnerability, German gov't looks at trojans, undersea cable cuts, Microsoft and Yahoo, VoIP security news and more

Synopsis: Blue Box #77: Skype security vulnerability, German gov't looks at trojans, undersea cable cuts, Microsoft and Yahoo, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #76, a 36-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on February 4, 2008.

You may also listen to this podcast right now:

Show Content:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on March 25, 2008 at 05:13 PM in Blue Box, Podcasts, VoIP Security, VOIPSA | | Comments (2) | TrackBack (0)

Technorati Tags: , , , , , , , , , , ,

March 24, 2008

Wow! The offers of production assistance have been wonderful...

WOW! I don't know that there is much else Jonathan and I can say after the incredible response we've had to our request for production assistance (also in SE#24). The offers started coming in within a few hours of SE#24 going live and I think we're up to 12 people now who have said that they'd help. THANK YOU! We're both overwhelmed and humbled by the many great folks who have offered to help... and also the words they sent our way saying how much the show mattered to them. Thank you! At this point, it would definitely look like we're all set for the moment, so it doesn't appear we need any further assistance. Now we just have to get set up to make use of all the offers that have come in! Stay tuned for more info - and more shows!

Technorati Tags: ,

Posted by Dan York on March 24, 2008 at 09:09 AM in Administrivia, Blue Box, Podcasts | | Comments (0) | TrackBack (0)

March 07, 2008

Blue Box SE#024: An Update on Blue Box, Upcoming Shows and A Request For Assistance

Synopsis: Special Edition #24: An Update on Blue Box, upcoming shows and a request regarding production assistance

Welcome to Blue Box: The VoIP Security Podcast Special Edition #24, a 17-minute update on the status of Blue Box episodes, the shows we are attending and a request regarding production assistance.

Download the show here (MP3, 8MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this special edition, we provide an update on the status of Blue Box episodes and our travel schedule over the next few weeks.  Specifically:

  • IETF-71, March 10-14, Philadelphia, PA, USA
    • Dan will be at IETF 71 next week attending the sessions related to Real-time Applications and Infrastructure (RAI)
    • There will be audio streaming and IM chatrooms if you you would like to listen in to IETF sessions. Watch the VOIPSA blog for more information.
  • VON.x, March 17-20, San Jose, CA, USA
    • Jonathan will be attending
    • The will be a dinner on Tuesday evening, March 18th, hosted by Dean Elwood to which Blue Box listeners are invited. Please RSVP by this coming Wednesday, March 12th, preferably in the Facebook event or if you avoid Facebook via email to Dean. Jonathan will be there as well as Martyn Davies and a number of VoIP bloggers and other interesting folks.
  • VoiceCon Orlando, March 17-20, Orlando, FL, USA
    • Dan will be attending and moderating two panels (voip security and open source) and participating in a keynote panel on social networking and enterprise communications.
    • Dan is looking to set up a dinner, probably on Tuesday evening. Watch the blog for more info.
    • Longtime listener and commenter Craig Bowser will also be there.

We also discussed the challenges we are experiencing finding the time to do post-production on all the recordings we are making of interviews and panels to turn them into Special Editions. To that end, we are wondering if any listeners would be willing to assist in the post-production of some of these recordings. More information is available on the Blue Box website (and obviously in the podcast).

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on March 07, 2008 at 12:34 PM in Blue Box, Podcasts, VoIP Security | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , , , , ,

Next »

The Obligatory Photo

Promote Blue Box!

  • Add this graphic to your site!

Contact Information

Full Disclosure

  • Dan York, CISSP, is the Best Practices Chair of the VOIP Security Alliance (VOIPSA) and the Director of Emerging Communication Technology for Voxeo.

    Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.

    This is a personal project and neither Voxeo, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.

License

Why "Blue Box"?

  • We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.

Archives

More...

Categories

VoIP Podroll

Blue Box MP3 Files

Search Blue Box Website

  • Google

    WWW
    blueboxpodcast.com

Search Blue Box Audio

Vote for BlueBox!

  • Enter your Email and click "Vote" to cast your vote for Blue Box at Podcast Alley:

    (email used for vote verification)

Recent Posts

Recent Comments

VoIP Security Books